The IoT security firm SAM has discovered a botnet actively attacking devices that use Realtek chipsets.
The affected chipset is used by more than 65 vendors, which means hundreds of thousands of smart devices are exposed to this security flaw.
The attacks began last week and target vulnerabilities found and reported by the fellow security firm IoT Inspector, which estimated that the bug affects about a million devices, including the following device types:
- Travel routers
- Wi-Fi repeaters
- IP cameras and lighting gateways
- Smart toys
- Smart lights
In total, more than 200 models from at least 65 vendors are vulnerable, including the following brands:
- AIgital
- ASUSTek
- Beeline
- Belkin
- Buffalo
- D-Link
- Edimax
- Huawei
- LG
- Logitec
- MT-Link
- Netis
- Netgear
- Occtel
- PATECH
- TCL
- Sitecom
- ZTE
- Zyxel
- Realtek’s own line of routers
According to SAM's researchers, attacks on the disclosed vulnerabilities started just three days after IoT Inspector published its findings.
Most Dangerous flaw
The most dangerous of the flaws is tracked as CVE-2021-35395 and carries a CVSS score of 9.8 out of 10.
It allows remote threat actors to reach the web management panel with a malformed URL, bypass authentication, and execute malicious code with the highest privileges.
The vulnerable web panel is the one used to configure the SDK and the device. Realtek released patches the day before IoT Inspector published its analysis, which left device vendors almost no time to roll out updates.
As a result, the vast majority of devices are still running outdated firmware and remain vulnerable to these attacks.
Common Devices With the Realtek SDK
SAM also listed the vulnerable devices it most often found on the network:
- Netis E1+ extender
- Edimax N150 and N300 Wi-Fi router
- Repotec RP-WR5444 router
SAM's researchers also affirmed that all the vulnerable devices are being attacked by the same Mirai-based botnet recently seen in attacks on devices running Arcadyan firmware.
IOCs
IP addresses – 31.210.20[.]100, 212.192.241[.]87
Files –
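As an added, defensive example (not part of the SAM or IoT Inspector reports), a short Python triage script that matches the indicators listed above against web-server log lines; it undoes the [.] defanging before matching and uses the dark.<arch> naming of the payload files. The log lines are constructed for the example and are not real traffic.

```python
import re
from typing import List, Tuple

# Attacker IP addresses exactly as published (defanged) in the report above.
DEFANGED_IPS = ["31.210.20[.]100", "212.192.241[.]87"]

# Payload filenames from the report follow the pattern dark.<arch>.
PAYLOAD_RE = re.compile(r"\bdark\.(x86|mips|mpsl|arm[4-7]|ppc|m68k|sh4|86_64)\b")

# Generic dotted-quad matcher used to pull every address out of a log line.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 31.210.20[.]100 into a matchable one."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


KNOWN_IPS = {refang(ip) for ip in DEFANGED_IPS}


def scan_line(line: str) -> List[str]:
    """Return the reasons a single log line matches the published indicators."""
    reasons = []
    for ip in IPV4_RE.findall(line):
        if ip in KNOWN_IPS:
            reasons.append(f"listed attacker address {ip}")
    m = PAYLOAD_RE.search(line)
    if m:
        reasons.append(f"Mirai payload name {m.group(0)}")
    return reasons


def scan_log(lines: List[str]) -> List[Tuple[int, str, List[str]]]:
    """Scan log lines and return (line number, line, reasons) for each hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        reasons = scan_line(line)
        if reasons:
            hits.append((n, line, reasons))
    return hits


# Constructed sample in common access-log format: the second line comes from a
# listed address, the third shows a client fetching a payload from the other one.
SAMPLE_LOG = [
    '10.0.0.7 - - [20/Aug/2021:10:01:02 +0000] "GET /index.htm HTTP/1.1" 200 512',
    '212.192.241.87 - - [20/Aug/2021:10:02:15 +0000] "GET / HTTP/1.1" 404 0',
    '10.0.0.9 - - [20/Aug/2021:10:03:40 +0000] "GET http://31.210.20.100/dark.mpsl HTTP/1.1" 200 61440',
]

if __name__ == "__main__":
    for n, line, reasons in scan_log(SAMPLE_LOG):
        print(f"line {n}: {'; '.join(reasons)}")
```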